Cisco Access Registrar 5.0

Available Languages

Download Options

Cisco
® Access Registrar is the leading Cisco RADIUS and Diameter authentication, authorization, and accounting (AAA) server for the service provider market. It supports service provider deployment of access services by centralizing AAA information and simplifying provisioning and management. Cisco Access Registrar is a standards-based RADIUS/Diameter and proxy RADIUS/Diameter server designed for high performance, extensibility, and integration with external data stores and systems. It provides an ideal solution for service providers with wide-area broadband (WiMax), wide-area mobile Code Division Multiple Access (CDMA), General Packet Radio Service (GPRS), Universal Mobile Telecommunications Service (UMTS), 1xRTT, 1xEV-DOrA), wired and wireless local-area networks (Wi-Fi, WiMax), dial-up, and DSL services.

Table 1 lists the features of Cisco Access Registrar.

Table 1. Cisco Access Registrar Features

Feature

Description

Authentication

Cisco Access Registrar supports a wide range of authentication including the latest Extensible Authentication Protocol (EAP) methods. User information can be stored in its internal database or external directories or databases.

Cisco Access Registrar has the flexibility to implement complex realm and AAA policies used in today's multiple-technology service provider environments. It also provides interfaces for automated configuration provisioning and custom-built AAA methods.

Scalability

Cisco Access Registrar provides an option to customers to decide whether session management needs to be done internal by Cisco Access Registrar or needs to off-load the active session information to an external database like Oracle to achieve multi-million sessions.

Cisco Access Registrar 5.0 adds support to the Diameter base protocol as per RFC 3588. The Diameter base application needs to be supported by all Diameter implementations.

Support for Diameter provides the following facilities:

• Supports authentication with the help of a local database or an external database (such as Lightweight Directory Access Protocol [LDAP], Open Database Connectivity [ODBC])

• Does session management and resource management as Cisco Access Registrar currently does for the RADIUS packet

• Supports writing the Diameter accounting packet in a local file or proxy to another AAA server

• Supports adding, modifying, or deleting the attribute-value pairs (AVPs) in Diameter packets through extension point scripting only for the local AAA service

• Supports open-ended Diameter applications

Cisco Access Registrar 5.0 process Diameter packets through profiles, polices, and rules, the same as for RADIUS packets, and supports session management and extension point scripting. Cisco Access Registrar 5.0 supports authentication through external databases with the interfaces such as LDAP and ODBC.

Another application that is supported as a part of this release is Diameter Network Access Server Application as per RFC 4005.

SIGTRAN, a working group of the Internet Engineering Task Force (IETF), has defined a protocol for the transport of real-time signaling data over IP networks. Cisco Access Registrar supports SS7oIP through SIGTRAN, a new transport layer that uses Stream Control Transmission Protocol (SCTP).

WiMAX NWG Stage 3 Latest Document Support

The WiMAX forum keeps updating the stage 3 document to address various requirements needed in the WiMAX communication between various devices that exist in the network. Cisco Access Registrar 5.0 complies with the Network Working Group (NWG) stage 3 document version 1.3.1 released in 2009 and addresses the newly added WiMAX attributes.

WiMAX Provisioning Server Support Along with Bootstrap Encryption Key

Cisco Access Registrar 5.0 provides support to generate and cache the bootstrap encryption key (BEK) when it receives the authentication request from the unprovisioned WiMAX subscriber or device.

Cisco Access Registrar can identify the unprovisioned device either by looking into the special pattern in the access request (for example, the User-Name attribute used in a RADIUS access request will be a temporary ID that indicates the unprovisioned device) or by performing explicit database lookup.

When the Cisco Access Registrar receives the accounting start packet for the unprovisioned device:

• IP, MAC address, and BEK of this unprovisioned device need to be sent to the Open Mobile Alliance Device Management (OMA-DM) server to initiate the provisioning.

• Cisco Access Registrar needs to maintain the IP address to MAC address association using the web service until it receives the provisioning complete message from the OMA-DM server.

The back-end portal could query the Cisco Access Registrar web service for this unprovisioned device MAC address by giving the device IP address and also the OMA-DM server request the Cisco Access Registrar web service to validate the MAC to IP address association.

The communication between Cisco Access Registrar and OMA-DM/portal server is through web service by using Simple Object Access Protocol (SOAP) over HTTPS. It is assumed that the OMA-DM server (or a mediation function) will have a web service that Cisco Access Registrar can use to communicate.

Lawful Intercept Support in Cisco Access Registrar

Cisco Access Registrar 5.0 provides support for Intercept Access Point (IAP), which is responsible for receiving the intercept/monitoring request for the subscriber whose Access Associated Communications Identifying Information (AA CMIII) is to be intercepted and delivered to a Law Interception Server (LIS).

Following intercept requests from LIS are supported by Cisco Access Registrar 5.0:

• ProvisionTarget: To start monitoring the target user

• DeprovisionTarget: To stop monitoring the target user

• LinkUpdate: To query the target user in monitored list

• ListTarget: To list all the users that are currently being monitored

Session Scalability

The goal is to enhance the current session scalability of Cisco Access Registrar to hold multimillions of active sessions by storing the active session records on an external database server (Oracle) instead of storing it in the internal memory of Cisco Access Registrar.

Some of the internal variables and data structures of session management are modified in such a way as not to affect existing functionality as well as to optimize database reads/writes by means of a cache.

With single instance of Cisco Access Registrar 5.0, customers can scale multimillions of active sessions. Session scalability of Cisco Access Registrar with an external database depends upon the potentiality of the database. Supported Oracle database servers are 10g and 11i.

An option is provided to the customer to decide whether the active session information needs to be stored internally or externally.

Interim Accounting Update Support for ODBC Server

Cisco Access Registrar Release 5.0 will address the interim accounting records with DELETE and UPDATE entries to the external database.

In Cisco Access Registrar Release 5.0 the graphical user interface (GUI) is completely revamped with the latest Java technologies to give a better look and feel with support for configuring most of the objects in Cisco Access Registrar. The Cisco Access Registrar 5.0 GUI has support for Internet Explorer version 6, 7, 8.

Cisco UCS represents a radical simplification of traditional architectures, dramatically reducing the number of devices that must be purchased, cabled, configured, powered, cooled, and secured. The solution delivers end-to-end optimization for virtualized environments while retaining the ability to support traditional OSs and application stacks in physical environments.

Cisco UCS is built to meet today's demands while being ready to accommodate future technologies-including more powerful processors and faster Ethernet standards-as they become available.

Cisco Access Registrar Director License

Cisco Access Registrar Director is a lightweight software version of Cisco Access Registrar that provides only the proxy function and scripting capability. Cisco Access Registrar Director can be used in proxy scenarios in which a customer is going to use Access Registrar only for the proxy functionality or in load balancing, where Access Registrar can be used as a load balancer to the backed RADIUS servers. No other service is available as part of Cisco Access Registrar Director. It supports both RADIUS and Diameter proxies.

Existing Cisco Access Registrar customers with versions 3.x or 4.x with or without a Software Application Support (SAS) contract can upgrade to Cisco Access Registrar 5.0 by purchasing the appropriate upgrade part numbers listed in Table 4.